ExternalDNS webhook for Technitium DNS
3 minutes read •
Outside, a massive storm is raging. I'm about to settle on the sofa for a late-night movie. The storm has knocked out the internet, making Netflix inaccessible. Fortunately, I have some movies saved on my local Jellyfin server that I've been meaning to watch.
But... Android TV is unable to connect to it?! What's going on? Oh noes! It's the DNS. All the friendly domain names are defined on the public servers, and thus inaccessible in the current situation.
Even though above is part fiction, the underlying issue was real. I had set up my lab to register all of its domains on the Cloudflare DNS. It was the most convenient way of doing it. ExternalDNS, the project picking up all the domain names from the cluster and registering them, had Cloudflare DNS support built in.
For my internal ad-blocking DNS server, I was running Pi-hole. ExternalDNS also has built in support for Pi-hole, so I attempted to setup another instance of ExternalDNS to sync the internal domains to my Pi-hole. I found out, that Pi-hole doesn't support wildcard domains, which I make use of in my lab. Sadly the Pi-hole provider didn't support domain exclusions either, so there was no easy way for me to hack around this limitation.
This led me to switch from Pi-hole to the Technitium DNS server. I had already been eyeing Technitium for a while, so this gave me the push I needed. Technitium is a full-blown DNS server, with all the features that Pi-hole has and so much more (including support for wildcard domains). While ExternalDNS doesn't natively support Technitium, it does offer webhooks as an extension point. After reviewing the APIs required for the webhook, I decided I could throw together Technitium support for it down the line.
After some months, I finally got around to implementing that webhook to integrate Technitium DNS with ExternalDNS. I present to you external-dns-technitium-webhook.
Here's how I deploy it on my kubernetes cluster:
apiVersion: apps/v1
kind: Deployment
metadata:
name: external-dns-technitium-dns
namespace: external-dns
labels:
app.kubernetes.io/name: external-dns
spec:
strategy:
type: Recreate
selector:
matchLabels:
app.kubernetes.io/name: external-dns
template:
metadata:
labels:
app.kubernetes.io/name: external-dns
spec:
serviceAccountName: external-dns
containers:
- name: external-dns
image: registry.k8s.io/external-dns/external-dns
args:
- --source=service
- --source=ingress
- --registry=noop
- --provider=webhook
- --webhook-provider-url=http://localhost:5580
- name: webhook
image: ghcr.io/roosmaa/external-dns-technitium-webhook
env:
- name: RUST_LOG
value: "external_dns_technitium_webhook=info"
- name: LISTEN_PORT
value: "5580"
- name: TECHNITIUM_URL
value: "http://technitium-dns-dashboard.dns.svc.cluster.local:5380"
- name: ZONE
value: "roosmaa.net"
envFrom:
- secretRef:
name: technitium-dns
resources:
requests:
cpu: 1m
memory: 10Mi
readinessProbe:
httpGet:
port: 5580
path: /health
failureThreshold: 1
---
kind: Secret
type: Opaque
apiVersion: v1
stringData:
TECHNITIUM_USERNAME: admin
TECHNITIUM_PASSWORD: admin
metadata:
name: technitium-dns
namespace: external-dns
The external-dns-technitium-webhook takes the following environment variables:
TECHNITIUM_URL- the URL for the Technitium API; in my case it's the cluster internal service hostname, with the default port.TECHNITIUM_USERNAME- username for authenticating with Technitium API.TECHNITIUM_PASSWORD- password for authenticating with Technitium API.ZONE- the DNS zone that the connector is expected to use, it will automatically create a zone of Forward type, if it doesn't exist in the server already.DOMAIN_FILTERS- a list of domain suffixes to support,;separated (e.g.,.foo.roosmaa.net;.bar.roosmaa.net).
Be sure to check out the GitHub repository for up-to-date usage information on the project. And if there's something missing, don't hesitate to open a PR.